More and more servers are being put behind a WAF.
How to bypass it:
A WAF works at a layer separate from the application code, that is, it is not customized for the specific site; it only blocks generic injection or cross-site attacks.
The following is a case study:
I ran into a server that has a page with a search function.
When a search is submitted via POST, the submitted characters show up in the URL in a transformed form. For example:
1        -> MQ
11       -> MTE
111      -> MTEx
1111     -> MTExMQ
11111    -> MTExMTE
111111   -> MTExMTEx
1111111  -> MTExMTExMQ
This is of course base64, but there are still some variants.
Many websites had something like an anti-injection layer written before the WAF was deployed. If these layers are analyzed properly, they become an important way to break through the WAF.
However, the conditions for using this are harsh:
1. First, such an encoding point has to be found.
2. Then the injection itself.
Generic type:
For a WAF that blocks keywords with regular expressions, the rule looks something like blocking: select * from [key table]
The starting point here is some of the database's less-known functions.
This is not very common.
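As an added defender-side example (not code from the original post), the Python below reproduces the unpadded base64 transform seen in the table above and shows why a keyword regex like the "select * from" rule on this page must be applied to the decoded layers of a parameter, not only to the raw value. The regex, the depth limit and the table name "t" are constructed for the example.

```python
import base64
import binascii
import re

# Constructed keyword rule in the spirit of the page's example: block "select ... from".
BLOCK_PATTERN = re.compile(r"\bselect\b.*\bfrom\b", re.IGNORECASE | re.DOTALL)

# Characters that can appear in a base64 string, with optional "=" padding.
BASE64_SHAPE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def encode_unpadded(text: str) -> str:
    """Base64-encode text and strip the "=" padding, as in the table on the page ("1" -> "MQ")."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii").rstrip("=")


def decode_base64_layers(value: str, max_depth: int = 3) -> list[str]:
    """Return the raw value followed by each layer that successfully base64-decodes to text.

    Padding is restored before decoding because the observed values have it stripped.
    max_depth bounds the work so nested encodings cannot be used to stall the inspector.
    """
    layers = [value]
    current = value
    for _ in range(max_depth):
        candidate = current.strip()
        if not BASE64_SHAPE.fullmatch(candidate):
            break  # contains characters base64 never produces, so it is not an encoded layer
        data_len = len(candidate.rstrip("="))
        if data_len % 4 == 1:
            break  # no valid base64 string has this length (e.g. the bare digit "1")
        padded = candidate.rstrip("=") + "=" * (-data_len % 4)
        try:
            decoded = base64.b64decode(padded, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            break  # not base64, or binary content we do not treat as text
        layers.append(decoded)
        current = decoded
    return layers


def naive_inspect(value: str) -> bool:
    """The rule applied only to the raw parameter: encoded input slips past it."""
    return bool(BLOCK_PATTERN.search(value))


def normalized_inspect(value: str) -> bool:
    """The same rule applied to every decoded layer: encoded input is caught."""
    return any(BLOCK_PATTERN.search(layer) for layer in decode_base64_layers(value))
```

The double-encoded case is handled too, because decode_base64_layers keeps decoding until the content stops looking like base64 or the depth limit is hit.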
Eggplant @rayh4c
Rayh4c: (please do not call me eggplant.)
We recommend that you renew this project.
For non-generic cases, refer to the successful SQL injection exploits for zhimeng and Discuz.
From: http://zone.wooyun.org/content/1095